← Back to Skills Marketplace
biogod2020

Web Freedom Toolkit

by Biogod2020 · GitHub ↗ · v8.0.0 · MIT-0
cross-platform ⚠ suspicious
275
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install web-freedom-toolkit
Description
Universal Server-Side Web Freedom Toolkit. Harmonizes Scrapling (Self-Healing Fetch), curl_cffi (TLS Impersonation), and DrissionPage (D-Mode) for undetectab...
Usage Guidance
This package appears to implement advanced, high‑privilege tooling for bypassing anti‑bot protections (CDP takeovers, driver injection, local tunnel forwarding). That capability can be legitimate for research but is risky. Before installing or running: 1) Verify whether the registry actually enforces disable-model-invocation (SKILL.md/_meta.json claim disable-model-invocation:true but registry flags here show false). If autonomous invocation is permitted, assume the agent could run high‑privilege code. 2) Inspect and understand the gating mechanisms: the code expects a lock file (~/.openclaw/tmp/sota_active.lock), a Unix socket (/tmp/.sota_auth.sock), and an env var SOTA_NUCLEAR_CONFIRMED for ‘nuclear’ actions — none are declared in manifest. 3) Only run in an isolated VM/container with no sensitive host services reachable; the relay/tunnel and CDP takeover code can be used to pivot to other local services. 4) If you do not need driver injection or socket tunneling, prefer a minimal tool that only uses scrapling or curl_cffi. 5) If you trust the author and need this functionality, require a registry-level policy that enforces disable-model-invocation:true and document the explicit human approval workflow for the nuclear paths. If any of these checks fail or you are uncomfortable, do not install or run this skill.
Capability Analysis
Type: OpenClaw Skill Name: web-freedom-toolkit Version: 8.0.0 The bundle is a highly sophisticated web scraping toolkit designed to bypass advanced anti-bot protections using DrissionPage, curl_cffi, and Scrapling. It contains several high-risk components, including a local TCP relay (python_relay.py) that forwards traffic between ports 9223 and 9222, and scripts for raw Chrome DevTools Protocol (CDP) takeover (force_takeover.py, nuclear_option.py). While the toolkit includes custom security 'gates' such as Unix Domain Socket handshakes (sota_core.py) and human-interactive challenges (secure_wrapper.py), the ability to perform low-level browser injection and maintain local listeners constitutes a high-risk capability. There is no explicit evidence of data exfiltration or malicious intent, but the 'offensive' framing and 'nuclear' options for bypassing security flags justify a suspicious classification.
Capability Assessment
Purpose & Capability
The name/description (web-bypass, stealth browsing) aligns with included scripts: scrapling, curl_cffi, DrissionPage usage, and utilities for CDP takeovers and tunneling. However multiple included scripts provide low-level driver injection, CDP Runtime.evaluate execution, and a socket relay — features that are high‑privilege and go beyond simple 'fetch' helpers. These advanced capabilities can be coherent for the stated goal but are disproportionate for a lightweight 'fetch' helper and should be explicitly justified.
Instruction Scope
SKILL.md instructs running the unified engine (freedom_engine.py) which is expected, but bundled code references/executes high‑scope actions: raw CDP takeover (force_takeover.py / force injection), direct BrowserDriver injection (nuclear_option.py), creation of local relays and Unix auth sockets, and opening of HTTP CDP endpoints on localhost. Several scripts expect interactive gating or token files; those gating mechanisms are fragile or not enforced by the declared runtime instructions. The agent instructions do not declare or warn about these local privileged operations.
Install Mechanism
No remote installers or downloads are used; dependencies are Python packages listed in requirements.txt and SKILL.md. There is no download-from-URL or extract step in the manifest. This reduces supply‑chain risk compared to remote binary pulls.
Credentials
Manifest/metadata declare no required env vars, yet code expects external signals and secrets not declared: SOTA_NUCLEAR_CONFIRMED env var (nuclear_option.py), a lock file at ~/.openclaw/tmp/sota_active.lock (sota_security.py), and a memory Unix socket /tmp/.sota_auth.sock used for UDS handshakes. Those are control/authorization mechanisms but are not described in SKILL.md or manifest. The number and sensitivity of implicit controls is high relative to the declared 'no env vars' policy.
Persistence & Privilege
The package does not request 'always: true' (good), and SKILL.md/_meta.json include disable-model-invocation: true (which would prevent autonomous invocation). However the registry-level flags reported at the top of this evaluation show disable-model-invocation:false — a metadata mismatch. The code can create local relays/tunnels and spawn subprocesses that run for up to an hour; while scripts include self‑destruct/timeouts, these capabilities increase the blast radius if the skill is invoked — particularly if autonomous invocation is allowed. The metadata inconsistency about model invocation is an important red flag.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install web-freedom-toolkit
  3. After installation, invoke the skill by name or use /web-freedom-toolkit
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v8.0.0
MAJOR EVOLUTION: Rebranded to Web Freedom Toolkit. Integrated the Scrapling engine for self-healing stealth fetches. Unified S-Mode, CFFI-Mode, and D-Mode into a single offensive strategy (v8.0.0).
Metadata
Slug web-freedom-toolkit
Version 8.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Web Freedom Toolkit?

Universal Server-Side Web Freedom Toolkit. Harmonizes Scrapling (Self-Healing Fetch), curl_cffi (TLS Impersonation), and DrissionPage (D-Mode) for undetectab... It is an AI Agent Skill for Claude Code / OpenClaw, with 275 downloads so far.

How do I install Web Freedom Toolkit?

Run "/install web-freedom-toolkit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Web Freedom Toolkit free?

Yes, Web Freedom Toolkit is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Web Freedom Toolkit support?

Web Freedom Toolkit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Web Freedom Toolkit?

It is built and maintained by Biogod2020 (@biogod2020); the current version is v8.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments